R: Eap-Tls Problem

Matteo Lazzarini mlazzarini at crema.unimi.it
Wed Aug 23 11:13:29 CEST 2006


rad_recv: Access-Request packet from host 192.168.1.5:1218, id=97, length=139
    User-Name = "marcello"
    NAS-IP-Address = 192.168.1.5
    NAS-Port = 0
    Called-Station-Id = "00-40-05-30-C5-86"
    Calling-Station-Id = "00-0C-F1-15-17-59"
    NAS-Identifier = "DLink-900AP+"
    Framed-MTU = 1380
    NAS-Port-Type = Wireless-802.11
    EAP-Message = 0x0201000d016d617263656c6c6f
    Message-Authenticator = 0x198e77929c34dbae3d21887e7c8fedb6
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
radius_xlat:  '/usr/local/var/log/radius/radacct/192.168.1.5/auth-detail-20060822'
rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/192.168.1.5/auth-detail-20060822
  modcall[authorize]: module "auth_log" returns ok for request 0
  rlm_eap: EAP packet type response id 1 length 13
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 0
    users: Matched entry DEFAULT at line 152
    users: Matched entry marcello at line 223
  modcall[authorize]: module "files" returns ok for request 0
modcall: leaving group authorize (returns updated) for request 0
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
  rlm_eap: EAP Identity
  rlm_eap: processing type tls
 rlm_eap_tls: Requiring client certificate
  rlm_eap_tls: Initiate
  rlm_eap_tls: Start returned 1
  modcall[authenticate]: module "eap" returns handled for request 0
modcall: leaving group authenticate (returns handled) for request 0
Sending Access-Challenge of id 97 to 192.168.1.5 port 1218
    EAP-Message = 0x010200060d20
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x10ffb90c0007eb49a18f61eabd573132
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.1.5:1218, id=98, length=224
    User-Name = "marcello"
    NAS-IP-Address = 192.168.1.5
    NAS-Port = 0
    Called-Station-Id = "00-40-05-30-C5-86"
    Calling-Station-Id = "00-0C-F1-15-17-59"
    NAS-Identifier = "DLink-900AP+"
    Framed-MTU = 1380
    NAS-Port-Type = Wireless-802.11
    EAP-Message = 
0x020200500d800000004616030100410100003d030144eb3ca336a3103a0ffadab80df60c4e27696e763a5ebad813bc963683fff37800001600040005000a000900640062000300060013001200630100
    State = 0x10ffb90c0007eb49a18f61eabd573132
    Message-Authenticator = 0x3a2931277b7c91633740abd039fb5d26
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
  modcall[authorize]: module "preprocess" returns ok for request 1
radius_xlat:  '/usr/local/var/log/radius/radacct/192.168.1.5/auth-detail-20060822'
rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/192.168.1.5/auth-detail-20060822
  modcall[authorize]: module "auth_log" returns ok for request 1
  rlm_eap: EAP packet type response id 2 length 80
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 1
    users: Matched entry DEFAULT at line 152
    users: Matched entry marcello at line 223
  modcall[authorize]: module "files" returns ok for request 1
modcall: leaving group authorize (returns updated) for request 1
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/tls
  rlm_eap: processing type tls
  rlm_eap_tls: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls:  Length Included
  eaptls_verify returned 11
    (other): before/accept initialization
    TLS_accept: before/accept initialization
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello 
    TLS_accept: SSLv3 read client hello A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello 
    TLS_accept: SSLv3 write server hello A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0715], Certificate 
    TLS_accept: SSLv3 write certificate A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 00c7], CertificateRequest 
    TLS_accept: SSLv3 write certificate request A
    TLS_accept: SSLv3 flush data
   * TLS_accept:error in SSLv3 read client certificate A
rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0)*
In SSL Handshake Phase
In SSL Accept mode 
  eaptls_process returned 13
  modcall[authenticate]: module "eap" returns handled for request 1
modcall: leaving group authenticate (returns handled) for request 1
Sending Access-Challenge of id 98 to 192.168.1.5 port 1218
    EAP-Message = 
0x0b1307696d692073726c311630140603550403130d43412d467265657261646975733126302406092a864886f70d0109011617667265657261646975734067727570706f696d692e6974301e170d3036303832323136333935375a170d3037303832323136333935375a3081aa310b3009060355040613024954310e300c060355040813054954414c593110300e0603550407130742657267616d6f31123010060355040a130947727570706f696d69311e301c060355040a13153830322e31782041757468656e7469636174696f6e3110300e060355040b1307696d692073726c310f300d060355040313066a61676765723122302006092a864886
    EAP-Message = 0x300e060355040b1307696d692073726c311630140603
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x582723ed1968a3dbf4d299bf04f83d9c
Finished request 1
Going to the next request
Waking up in 6 seconds...

Can somebody tell me why I have this fault?
I have used for TLS the certs made with the CA.all script in the 
freeradius scripts directory.
I have also used certs made with other scripts found on the internet.
But the error is the same.
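
To help read the debug output above, here is an added example (not part of the original post and not FreeRADIUS code) that decodes the EAP and EAP-TLS header fields of three complete EAP-Message values copied from the log. The names `decode_eap`, `IDENTITY`, `START` and `CLIENT_HELLO` are hypothetical.

```python
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPE_IDENTITY, EAP_TYPE_TLS = 1, 13
# EAP-TLS flag bits: Length included, More fragments, Start
FLAGS = (("L", 0x80), ("M", 0x40), ("S", 0x20))
HANDSHAKE = {1: "ClientHello", 2: "ServerHello", 11: "Certificate",
             13: "CertificateRequest"}

# EAP-Message values taken from the log in this post.
IDENTITY = "0x0201000d016d617263656c6c6f"
START = "0x010200060d20"
CLIENT_HELLO = ("0x020200500d800000004616030100410100003d0301"
                "44eb3ca336a3103a0ffadab80df60c4e27696e763a5ebad813bc963683fff378"
                "00001600040005000a000900640062000300060013001200630100")

def decode_eap(hex_value):
    """Decode one complete EAP packet given as a hex string.

    A packet split over several EAP-Message attributes must be
    concatenated before it is passed in.
    """
    raw = bytes.fromhex(hex_value[2:] if hex_value.startswith("0x") else hex_value)
    if len(raw) < 4:
        raise ValueError("EAP header is 4 bytes, got %d" % len(raw))
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if length != len(raw):
        raise ValueError("EAP length %d != %d bytes supplied" % (length, len(raw)))
    out = {"code": EAP_CODES.get(code, code), "id": ident, "length": length}
    if code not in (1, 2) or length < 5:
        return out  # Success/Failure carry no type field
    out["type"] = raw[4]
    body = raw[5:]
    if out["type"] == EAP_TYPE_IDENTITY:
        out["identity"] = body.decode("utf-8", "replace")
    elif out["type"] == EAP_TYPE_TLS and body:
        out["flags"] = [name for name, bit in FLAGS if body[0] & bit]
        data = body[1:]
        if body[0] & 0x80:  # 4-byte total TLS message length follows the flags
            if len(data) < 4:
                raise ValueError("L flag set but TLS length field is missing")
            out["tls_length"] = struct.unpack("!I", data[:4])[0]
            data = data[4:]
        if len(data) >= 6 and data[0] == 0x16:  # TLS handshake record
            out["record_version"] = (data[1], data[2])
            out["handshake"] = HANDSHAKE.get(data[5], data[5])
    return out

if __name__ == "__main__":
    for sample in (IDENTITY, START, CLIENT_HELLO):
        print(decode_eap(sample))
```
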
